CWE 78: OS Command Injection flaws occur if your application executes a native command when the name of, path of, or arguments to the command contain untrusted data.
In this type of attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary comman...
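Among these, OS command injection, insufficiently random values, and improper handling of exceptional conditions are the most frequent.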
OS command injection attacks use shell metacharacters to escape, or break out of, the hardcoded command and issue additional commands on the system. This particular issue was identified due to a weakness in older versions of the bash shell. Please see http://web.nv...
Veracode Static Analysis will report CWE 78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) if it can detect that there are strings from outside of the application (HTTP request, file, database, web service, etc.) being us...
The OS Command Injection weakness describes improper neutralization of special elements, which could result in modification of the intended OS command that is sent to a downstream component.
CWE 78: OS Command Injection flaws occur if your application executes a native command when the name of, path of, or arguments to the command contain untrusted data (for example, input from a web form, cookie, or database). For example: public class ReportController : Controller { ... pub...